Re: Prime Infrastructure 3.3 SNMPv3 issue

inarp · ‎02-13-2018

Wondering if anybody else out there has an issue with Cisco Prime Infrastructure 3.3 and SNMPv3

We're seeing weird behavior in Prime where a site icon goes "Green" when verifying SNMP credentials, but after some time, the status icon shows amber with exclamation mark. (most likely when its trying to sync on its own)

We're polling mostly Cisco 3850's.

When we add a new switch it says "Successful" with our SNMPv3 profile in. Credentials are always "Successfully Validated" and shows "Green" or Reachable in prime.

After a certain amount of time it goes amber to "SNMP Unreachable and Pingable" by itself.
After manually syncing, it will go Green again, but eventually will go amber when it sync's on its own..

After sometime it will show:

After a manual sync it will show green again:

Then goes back to amber, with this:

Just wondering if anybody else is having this problem?

bolamiposi · ‎02-15-2018

We are actually having this problem as well, on PI 3.3, hopefully you get some response here and if I equally get some resolution I will post same.

We have routers (4400 series) and switches, every interval we get " Device is unreachable via SNMP
and ping(ICMP) is successful."

And then the other weird thing is the Prime infrastructure is performing SSH login into devices every 3 minutes, which is clogging up our log server. Seen something like that too?

Feb 14 13:40:26.789: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:] [Source: [localport: 22] at 13:40:26 AST Wed Feb 14 2018
Feb 14 13:40:26.843: %PARSER-5-CFGLOG_LOGGEDCMD: User:201server logged command:!exec: enable
Feb 14 13:42:28.408: %SYS-6-LOGOUT: User 201server has exited tty session 868(
Feb 14 13:43:36.875: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: 201server] [Source: ] [localport: 22] at 13:43:36 AST Wed Feb 14 2018
Feb 14 13:43:36.937: %PARSER-5-CFGLOG_LOGGEDCMD: User:201server logged command:!exec: enable
Feb 14 13:45:38.415: %SYS-6-LOGOUT: User 201server has exited tty session 868(
Feb 14 13:46:48.844: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: 201server] [Source: ] [localport: 22] at 13:46:48 AST Wed Feb 14 2018
Feb 14 13:46:48.904: %PARSER-5-CFGLOG_LOGGEDCMD: User:201server logged command:!exec: enable

inarp · ‎03-01-2018

This is a new bug. Confirmed. AES-192 / AES-259 with Prime Infrastructure 3.3

No workaround as of March 1 2018.

“CSCvi21956 -PI 3.3 Inventory displays an invalid Reachability status for devices using AES-192 & AES-256 as priv type”

Symptom:
Reachability status is invalid in PI 3.3 for devices using AES-192 & AES-256 as SNMP V3 priv type although credential verification & Inventory collection are being successful.

Conditions:
PI 3.3.0 (OR) PI 3.3 Device pack 1
Add a device using AES 192 & AES-256 as SNMP V3 privacy type, Reachability shows up as "Ping Reachable/SNMP Unreachable"

llewesc11 · ‎04-12-2018

This has been fixed in 3.4:

https://software.cisco.com/download/release.html?mdfid=286317405&catid=268439477&softwareid=284272932&release=3.4.0&relind=AVAILABLE&rellifecycle=&reltype=latest

louis BOURRIENNE · ‎10-29-2018

I'm currently in version 3.4.1 and got this issue.
I have open a cisco TAC case to work on it.

Mayuresh Meshram · ‎01-22-2019

Hello louis BOURRIENNE ,

Problem has been resolved ??? what TAC suggested ?

we are facing the same issue with 3.4.1

reypcanada · ‎09-26-2019

We are currently on PI 3.5 and getting this kind of issue. Tried all the steps above and got the same results. Hope TAC will have a solution